Different back end authentication.

tnt at kalik.net tnt at kalik.net
Thu Jan 15 03:06:47 CET 2009

>I would like to know if it's possible to have more then one authenticaton backend with Freeradius.


>Let's say I have  User1 on OpenLDAP and User2 On Microosft Windows Active Directory.

No problem.

>I configure my device to send Authentication request (Radius)  to Freeradius User1 and User2 should be able to authentice.
>I was able to make it work separetly but not both at the same time

If you were using ldap as authentication oracle, your problems have
nothing to do with where you stored data but with authentication
protocol. Ldap won't work with mschap requests (that's clearly stated
in ldap module configuration file) while AD integration (ntlm_auth) is
configured in mschap module and won't work with pap requests.

If you use ldap only as storage (don't set auth type) it will work with
mschap requests. If you don't remove ntlm_auth from authenticate
section (AD integration documentation suggests that you should) pap will
work with AD.

Ivan Kalik
Kalik Informatika ISP

More information about the Freeradius-Users mailing list